CLAIMS 



What is claimed is: 

1 . A system, comprising: 

at least one port component through which an end user needs to be 
authenticated and authorized in order to access a network resource via a network 
provider's network, the port component being able to enforce an access policy and to 
apply rules of a service provider of the end user during the end user's use of the 
network provider's network.; 

at least one first director component communicatively coupled to the port 
component to provide the access policy to be used in connection with the network 
provider's grant of access to its network; 

at least one second director component communicatively coupled to the 
first director component to provide the access policy to the first director component in 
connection with the service provider's request for access to the network provider's 
network on behalf of its end user and in connection with authentication and 
authorization of the end user; and 

a home provider register (HPR) component communicatively coupled to 
the first director component to be used by the first director component in connection 
with detennination of a service provider of the end user. 

2. The system of claim 1 , further comprising a business support 
system (BSS) component communicatively coupled to the director component, from 
which the Director component obtains data associated with the access policy. 

3. The system of claim 1 wherein different director components are 
associated with the network provider and with the service provider, the director 
components of these providers being able to communicate with each other to provide 
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the access policy to the port component to allow the user to access the network 
resource via the network provider's network. 

4. The system of claim 1 wherein the network provider and the service 
provider have no existing network share agreement between them. 

5. The system of claim 4 wherein, if the end user is authenticated and 
authorized to access the network resource via the network provider's network, the 
network share agreement is established between the network provider and service 
provider for the duration of the end user's access of the network provider's network. 



6. The system of claim 1 wherein the network provider and the service 
provider have an existing network share agreement between them. 

7. The system of claim 1 , further comprising a provider revocation list 
communicatively coupled to the director components, and usable to verify whether there 
is a denial of service for either the service provider and the network provider. 

8. The system of claim 1 wherein alternatively or additionally to the 
HPR, the director component is able to determine the service provider of the end user 
based on at least one of token information, multiple tokens corresponding to multiple 
providers, identification infonnation on a device being used by the end user, email 
address of the end user, an open search interface technique, a RADIUS technique, and 
user-input data provided by the end user. 

9. The system of claim 8 wherein the director component is able to 
determine the service provider of the end user without requiring additional hardware and 
software on the device used by the end user. 
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10. The system of claim 1 wherein if the service provider is unavailable 
or if an agreement between the service provider and network providers cannot be 
made, the network provider through the director component can associate the end user 
with a preferred service provider. 

1 1 . The system of claim 1 wherein the port component is further able to 
track accounting data for each end user and to shape service metrics according to a 
service plan of the service provider. 

12. The system of claim 1 wherein the port component is further able to 
use a heartbeat process to monitor activity of the end user, if authenticated, for 
purposes of billing and to verify that no end user sessions are left open. 

13. The system of claim 1 wherein at least one of the director 
components is able to securely perform at least one of: 

determine a network-share agreement between the network provider and 
the service provider, if any; 

import brand information of the service provider to the port component to 
deliver to the user; 

communicate authentication credentials of the end user to the service 

provider; 

communicate, to the port component, whether to allow or deny access to 
the end user and impose the restrictions from the service provider, if any; and 

communicate accounting information to the network provider and to the 
service provider as part of a network share arrangement. 

14. The system of claim 1 . further comprising at least one of the 
following network sharing components: 
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a PartnerAccept component that identifies pre-negotiated cross-license 
terms between the network provider and the service provider; 

a billing component wherein end-user usage metrics collected by the port 
component are transmitted to the network provider and the service provider for 
accounting purposes; 

a Clearinghouse component to coordinate and ensure payment to the 
network provider from the service provider as a result of allowing access to the end 
user; 

an AutoAccept component to determine a minimum compensation that a 
network provider will accept to allow access to its network by end users of the service 
provider; 

an AutoPay component to determine a maximum compensation that a 
service provider will pay to allow its users to access a network provider's network; a 
first AutoRefuse component to specify service providers whose end users are banned 
from accessing a network provider's network; and 

a second AutoRefuse component to specify network providers whose 
networks are banned from use by a service provider's end users. 

15. The system of claim 14, further comprising an All Access Pass 
component in which the end user is allowed access to any network provider's network 
by agreeing to network provider's payment metrics, provided no AutoRefuse component 
exists for either the network provider or the service provider. 

16. The system of claim 1 wherein the service provider, through the 
port component, is able to enforce its rules on its end user while accessing the network 
provider's network that is not owned by the service provider. 

17. The system of claim 1 wherein a plurality of port components are 
associated with a corresponding plurality of different pricing metrics. 
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18. The system of claim 1 wherein the system allows the end user to 
roam amongst different network providers' networks. 

1 9. The system of claim 1 wherein at least one of port components, 
network resources, service provider rules, management operations, and geographic 
locations are organized based on group containers. 

20. The system of claim 19 wherein at least one of the group 
containers is used in connection with authorization. 

21 . The system of claim 1 wherein the director component is 
communicatively coupled to a legacy system. 

22. The system of claim 1 wherein at least some of the director 
components and the port component are distributed. 

23. The system of claim 1 wherein at least some of the director 
components, port component, and HLR component are scalable to accommodate 
additional end users, network providers, or service providers. 

24. A system, comprising: 

a means for allowing an end user, associated with a service provider, to 
use a network provider's network that is not managed by the service provider; 

a means for determining the service provider of the end user of the 
network provider's network; and 

a means for automatically and dynamically facilitating network sharing 
agreements between the network provider and the service provider, including a means 
for applying the service provider's rules to the end user while the end user uses the 
network provider's network. 
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25. The system of claim 24, further comprising means for authorizing 
and authenticating the end user to the network provider's network. 



26. The system of claim 24, further comprising a means for using a 
preferred provider if the service provider of the end user is unavailable or if a network 
share agreement between the network provider and the service provider cannot be 
implemented. 

27. The system of claim 24 wherein the means for allowing the end 
user to use the network provider's network includes: 

at least one first component means for accessing the network provider's 

network; 

at least one second component means for managing the end user's use of 
the network provider's network; and 

at least another second component means for restricting usage to only 
end user's whose service provider is willing to agree to network sharing terms 

28. The system of claim 27 wherein the at least one first component 
means includes means for applying different pricing policies to different first component 
means. 



29. The system of claim 24, further comprising a heartbeat means for 
monitoring activity of the user for purposes of billing and to verify that no user sessions 
are left open. 

30. The system of claim 24, further comprising a plurality of different 
payment means for implementing billing associated with servicing the user. 
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31 . The system of claim 30 wherein one of the payment means 
includes an All Access Pass means for allowing the end user to access any network 
provider's network subject to payment policies of these network providers and provided 
that another billing component of either the network provider and the service provider do 
not preclude access. 

32. The system of claim 24, further comprising container rneans for 
defining access and network use privileges. 

33. The system of claim 24, further comprising means for allowing 
access to and use of legacy systems. 

34. The system of claim 24, further comprising a means for importing a 
brand or content of the service provider to the network provider's network during use by 
the end user. 

35. The system of claim 24, further comprising device means for 
accessing the network provider's network, and network means within the network 
provider's network for supporting the device means' access and use of the network 
provider's network. 

36. The system of claim 24, further comprising a means for using 
multiple tokens in different classes to represent different service provider states. 

37. The system of claim 24, further comprising means for distributing 
and scaling to accommodate additional network providers, service providers, or users. 

38. A method, comprising: 
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authenticating and authorizing a user to access a network resource via a 
network provider's network; 

providing an access policy to be used in connection with the 
authenticating and authorizing; 

detennlning a service provider of the user, the service provider not being 
substantially involved in managing use of the network provider's network; and 

enforcing the access policy and applying rules of the service provider 
during the user's use of the network provider's network. 

39. The method of claim 38 wherein providing the access policy 
includes providing the access policy based on data from a business support system. 

40. The method of claim 38, further comprising communicating 
between different director components to obtain service provider rules and access 
policies. 

41 . The method of claim 38, further comprising implementing either a 
new or existing network share agreement between the network provider and the service 
provider. 

42. The method of claim 41 wherein implementing the hew network 
share agreement including implementing tenns of the new network share agreement 
only for the duration of the end user's use of the network provider's network. 

43. The method of claim 38 wherein if the service provider is 
unavailable or if an agreement between the service provider and network provider 
cannot be made, the method includes associating the end user with a preferred service 
provider. 
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44. The method of claim 38, further comprising using a heartbeat 
process to monitor activity of the end user for purposes of billing and to verify that no 
end user sessions are left open. 

45. The method of claim 38, further comprising implementing at least 
one of the following service payment components: 

a PartnerAccept component that identifies pre-negotiated cross-license 
terms between network providers and service providers; 

a billing component that distributes accounting information to the service 
provider and the network provider as a result of allowing access to the end user 

a clearinghouse component to coordinate and attempt to ensure payment 
to the network provider from the service provider as a result of allowing access to the 
end user; 

an AutoAccept component to determine a minimum compensation that a 
network provider will accept to allow access to its network by a service provider's end 
users; 

an AutoPay component to determine a maximum compensation that a 
service provider will pay to allow its end users to access a network provider's network; 

a first AutoRefuse component to specify service providers whose end 
users are banned from accessing a network provider's network; and 

a second AutoRefuse component to specify network providers whose 
networks are banned for use by a service provider's end users. 

46. The method of claim 45, further comprising implementing an all 
access pass to allow the end user to access any network provider's network subject to 
billing policies of these network providers, provided that at least one of the AutoRefuse 
components does not negate a network share between the network provider and the 
service provider. 
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47. The method of claim 38, further comprising managing access and 
use of network resources based on group container definitions. 

48. The method of claim 38, further comprising disabling capability to 
access a network resource based on provider revocation settings. 

49. The method of claim 38, further comprising importing brand and 
content information of the service provider to the network provider's network during use 
of that network by the end user. 

50. The method of claim 38, further comprising implementing network 
authorization, access, and use in conjunction with legacy systems. 

51 . The method of claim 38, further comprising implementing different 
pricing policies for different port components that can be used by the end user to access 
the network provider's network. 

52. The method of claim 38 wherein determining the service provider of 
the end user includes determining the service provider without requiring additional 
hardware and software on a device used by the end user. 

53. An article of manufacture, comprising: 

a machine-readable medium having instructions stored thereon to: 
authenticate and authorize an end user to access a network resource via 

a network provider's network; 

provide an access policy to be used in connection with the authenticating 

and authorizing; 

detemnine a service provider of the end user, the service provider not 
being substantially involved in managing use of the network provider's network; and 
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initiate enforcement of the access policy and application of rules of the 
service provider during the end user's use of the network provider's network. 

54. The article of manufacture of claim 53 wherein the machine- 
readable medium further includes instructions stored thereon to initiate implementation 
of either a new or existing network share agreement between the network provider and 
the service provider. 

55. The article of manufacture of claim 53 wherein the machine- 
readable medium includes at least one of instructions stored thereon to: 

determine a network-share agreement between the network provider and 
the service provider, if any; 

import brand and content information of the service provider to be 
delivered to the end user; 

communicate authentication credentials of the end user to the service 

provider; 

communicate whether to allow or deny access to the end user and impose 
the restrictions from the service provider, if any; and 

communicate accounting information to the network provider and to the 
service provider as part of a network share arrangement. 

56. The article of manufacture of claim 53 wherein the machine- 
readable medium further includes instructions stored thereon to monitor use of the 
network provider's network by the end user. 

57. The article of manufacture of claim 53 wherein the machine- 
readable medium further includes instructions stored thereon to disable capability to 
access a network resource based on provider revocation settings. 
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